Spammers & Identity Misappropriation

And so I was checking my mail over at Yahoo today, when I noticed that I had received an email from YouTube. It was to confirm that my account with them had been created.

The problem is that I did no such thing. As it turns out, this is a new technique employed by spammers. An individual had written a script to have spambots register with YouTube, using for its email address those that had been harvested by the spammer. Once registered, these bots then fill YouTube up with as much spam as they can get away with before the account is disabled.

All of this happens at the expense of the legitimate owner of the email address. The reason this scheme works is that YouTube does not verify the legitimacy of the email addresses of its members. This is unlike most online services, which will send a confirmation email to the listed address to make sure that the account is indeed valid.

Needless to say, I used the account name the spambot registered under to request to have my “lost” password emailed to me. I then logged on the spambot’s YouTube account, changed the email address, and set the password to be a random string of alphanumeric digits. This will thus prevent that spambot to log on again.

I worry of the consequences of this use of legitimate email addresses. I mean what if these addresses were used somewhere other than YouTube; somewhere where the owner of the email address could face repercussions because of the acts of the spammer?

This is yet another reason why I despise any willing participant of the spam business. Thank you spammer, for having attempted to send thousands of unwanted junk under my name.